Login and Authentication

auth not required

Authentication for 1Konto services is implemented using JSON Web Tokens (JWT).

For security purposes, 1Konto doesn't store or transmit any plaintext passwords: all plaintext passwords are hashed before being sent over the wire and then put through industry-standard key derivation, in line with industry best practice.

As an example, if the email is '[email protected]' and the plaintext password is 'password', the password will be converted to its SHA256 hash before it is used to authenticate the user. Example: '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8'

The API issues tokens with a 24-hour expiry. To obtain a new token before expiry, make a new request to the login endpoint.

Log In

POST /api/v1/{service}/jwt

Body Parameters:

| Body | Type | Description |
| --- | --- | --- |
| user * | string | your user ID |
| password * | string | your password |

Example

POST /api/v1/identity/jwt
// Request body
{
  "user": "[email protected]",
  "password": "password"
}

The token property in the response must be provided in subsequent requests to the API in the form of an Authorization: Bearer <Token> header.
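The login flow described above, as an added example that is not 1Konto's own code: it hashes the password, builds the login request, and renews the token before the 24-hour expiry. It assumes the SHA256 hex digest is what goes in the "password" field; the `send` transport, the `TokenSession` class, the 5-minute renewal margin and the sample user ID are hypothetical.

```python
import hashlib
import json
import time

TOKEN_TTL = 24 * 60 * 60   # tokens expire 24 hours after issue (from the page)
RENEW_MARGIN = 5 * 60      # assumption: log in again 5 minutes early


def sha256_hex(password):
    """Hex SHA-256 of the UTF-8 password, the form shown in the example above."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_login_request(service, user, password_hash):
    """Return (method, path, JSON body) for the login endpoint."""
    # Assumption: the hash is sent in the "password" field.
    body = json.dumps({"user": user, "password": password_hash})
    return "POST", f"/api/v1/{service}/jwt", body


class TokenSession:
    """Caches the JWT and logs in again shortly before the 24-hour expiry."""

    def __init__(self, service, user, password, send, clock=time.time):
        self._service, self._user = service, user
        # Keep only the hash in memory. Under the assumption above it is
        # still password-equivalent, so it must be protected like a password.
        self._password_hash = sha256_hex(password)
        self._send, self._clock = send, clock
        self._token, self._renew_at = None, 0.0

    def _login(self):
        request = build_login_request(self._service, self._user, self._password_hash)
        response = self._send(*request)   # hypothetical transport: returns parsed JSON
        token = response.get("token")
        if not token:
            raise RuntimeError("login response carried no token")
        self._token = token
        self._renew_at = self._clock() + TOKEN_TTL - RENEW_MARGIN

    def auth_headers(self):
        """Headers for any call after login; renews the token when it is due."""
        if self._token is None or self._clock() >= self._renew_at:
            self._login()
        return {"Authorization": f"Bearer {self._token}"}
```

`send(method, path, body)` is expected to perform the HTTPS request and return the parsed JSON response; merge the result of `auth_headers()` into the headers of every later call.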

Include in all calls after login, in the Header:
